package com.kime.shiro.controller;

import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * Created with IntelliJ IDEA.
 *
 * @Auther: JiangYi
 * @Date: 2022-03-15 23:18:34
 * @Description: 订单模块
 */
@Controller
@RequestMapping("/order")
public class OrderController {

    @RequestMapping("/save")
    // 使用注解方式授权
    @RequiresRoles(value = {"admin", "user"}) // 用来判断角色 同时具有 admin user
    @RequiresPermissions("user:find:01") // 用来判断权限字符串
    public String save() {
        System.out.println("进入方法");
        // 获取主体对象
        // Subject subject = SecurityUtils.getSubject();
        // 使用代码方式授权
//        if (subject.hasRole("admin")) {
//            System.out.println("保存订单！");
//        } else {
//            System.out.println("无权访问！");
//        }
        // 基于权限字符串
        return "redirect:/index.jsp";
    }

}
